The use of computing services, such as remote data storage services and social networking services, has greatly increased in recent years. The service providers for these computing services may maintain user account integrity by requiring users to authenticate themselves to the service provider using user credentials. For example, a particular service provider may require a user to verify their identity by submitting the correct combination of user name and password. Furthermore, organizations may require entities of the organization to enter a user name and password combination to gain access to organizational resources.
Many current password-based authentication systems rely on the ability of the user to select his or her own password. However, users often do not choose strong passwords, and users often have difficulty remembering randomly-generated passwords. Due to this problem, user-selected passwords are often easily compromised by an attacker. To prevent user information from being easily compromised because of poor user-selected passwords, many authentication systems employ complexity requirements such as a minimum length of eight characters, at least one upper case character, at least one lower character and at least one non-alphabetic character. However, even these complexity requirements may not prevent users from selecting weak passwords. Even when adding additional complexity requirements users may still find a way around the complexity requirements and select weak passwords. For instance, the user may select a keyboard pattern that appears randomly generated, but may be easily attacked and compromised using modern techniques.